We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pulling image openzipkin/zipkin:latest yield spring-boot-3.2.4 spring - 6.1.5
in master the pom.xml stated <spring-boot.version>3.2.5</spring-boot.version> <spring.version>6.1.6</spring.version>
There are critical vulnerability with 6.1.5 that is fixed in 6.1.6 CVE-2024-22243 CVE-2024-22259 CVE-2024-22262
just pull the image and inspect BOOT-INF/lib seeing spring-boot-3.2.4.jar spring-core-6.1.5.jar
spring-boot should be at 3.2.5 and spring should be at 6.1.6
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Describe the Bug
Pulling image openzipkin/zipkin:latest yield
spring-boot-3.2.4
spring - 6.1.5
in master the pom.xml stated
<spring-boot.version>3.2.5</spring-boot.version>
<spring.version>6.1.6</spring.version>
There are critical vulnerability with 6.1.5 that is fixed in 6.1.6
CVE-2024-22243
CVE-2024-22259
CVE-2024-22262
Steps to Reproduce
just pull the image and inspect BOOT-INF/lib seeing
spring-boot-3.2.4.jar
spring-core-6.1.5.jar
Expected Behaviour
spring-boot should be at 3.2.5 and spring should be at 6.1.6
The text was updated successfully, but these errors were encountered: